Aryeh’s Mousing Memoirs

As I’ve indicated in previous blogs here and here, quite a few of us trace our involvement with the wonderful world of malware a long way back. While I’m a comparative newcomer to the vendor side (or the Dark Side, as it seems to be known to some), my friend and colleague Aryeh Goretsky, Distinguished Researcher at ESET LLC, is a veteran of the anti-malware wars who worked in the anti-virus industry when there barely was an anti-virus industry, which gives him both a personal and a historical objective that few people now in the industry can claim..

So it’s a pleasure to see that he’s shared some of those views and experiences in an ESET white paper wittily entitled “Twenty years before the mouse.” (If you don’t get the reference, it’s explained at the bottom of Page 2.)

As it says on the white papers page, “Written in the form of a personal retrospective, this paper compares the earliest days of PC computer viruses with today’s threats, as well as provides a glimpse into the origins of the computer anti-virus industry.”

I took the opportunity to play the journalist and ask him a few questions.

Q: When did someone first tell you that the AV industry wrote all the viruses?

Probably the first time I heard that was in early 1990.  Back when McAfee Associates just started, people would some times call us just to argue that there were no computer viruses, or that if there were, it was because we had written them.

Q: With the benefit of hindsight, is there anything you'd have done differently at the beginning?

A: That's really an interesting question, David.  I joined the company just out of high school at the age of nineteen, so at that point I really did not have any business experience, and the industry grew so fast that we spent a lot of time being reactive instead of proactive.  That said, on a more specific note, I wish we had kept better backups of information.  There's a lot of stuff that never got  saved or was lost over the years.

Q: After all these years working in and/or observing the industry, does anything still surprise you?

A: A lot of what we see is very cyclical in nature, but sometimes the amount of time between cycles is so large that it appears to be new (or novel) to some of my, ahem, less-seasoned colleagues.  Mass outbreaks and industry consolidation have been occurring for many years, so there is nothing really new in that space.  Likewise, much of the innovations we now see in antimalware software seem built  upon earlier work.

Q: Do you see yourself still working in the security industry in twenty years time?

A: I suspect I might be, however, I also suspect that industry in twenty years will have very little to do with the types of threats we see today.

(OK, so I won’t be headhunted by the Wall Street Journal any time soon for my hardnosed investigative journalism...)

David Harley CITP FBCS CISSP
Senior Research Fellow